CLAIMS

Listings of claims: 

1. (Currently Amended) A system of securely controlling a wireless mobile
communication device, comprising:

at least one memory storing a first domain comprising a first set of assets each
sharing a first level of trust, and the at least one memory storing a second domain
comprising a second set of assets each sharing a second level of trust, wherein the first
level of trust is different than the second level of trust; a plurality of domains residing on a
wireless mobile communication device, at least one domain including a plurality of
different types of assets of the wireless mobile communication device, the different types
of assets within a domain requiring a common level of trust to access; and

a domain controller[[,]] configured to control the first domain and the second
domain, plurality of domains on the mobile device, for controlling and further configured to
control access to the first set of assets and the second set of assets;

wherein the domain controller is further different types of assets that require a
common level of trust to access within a domain configured to receive a request to
perform an operation affecting at least one of the assets, a particular asset in the first set
of assets and to determine whether the request originated with an from a first entity that
has a first trust relationship with the first domain: and that includes the at least one
affected asset, and to permit

wherein the domain controller is further configured to permit completion of the
operation affecting the particular asset only if the request originated with an from the first
entity, and wherein the domain controller is further configured to permit the first entity to


86950 V2/4214.24802 



Atty Docket No. 10742-US-PCT 
4214-24802 

perform operations with respect to each of the first set of assets. :
relationship with the domain that includes the at least one affected asset;



2. (Currently Amended) The system wireless mobile communication device of
claim 1, further comprising a key store for storing cryptographic keys associated with the
first domain that includes the at least one affected asset, wherein the domain controller is
configured to determine whether the request originated with an first entity that has a trust
relationship with the domain is using the cryptographic keys.



3. (Currently Amended) The system wireless mobile communication device of
claim 1, wherein the domain controller is configured to determine whether the request
originated with the entity that has a trust relationship with the domain that includes the at
least one affected asset by determining whether the first domain t
one affected asset also includes the first entity.



4. (Currently Amended) The system wireless mobile communication device of
claim 1, wherein the at least one first domain further includes as an asset a software
application for which the domain controller permits completion of the operation upon the
software application; if the request originated with an entity that has a trust relationship
with the at least one domain that includes as an asset the software application;

wherein completion of the operation is not permitted if the request originated with
[[an]] a second entity that does not have a trust relationship with the at least one first
domain that includes the software application as an asset.

5. (Currently Amended) The system wireless mobile communication device of
claim 4, wherein at least one of the domains comprises a plurality of domains, and
wherein the wireless mobile communication device further comprises a super user
software application that has a trust relationship with both the first domain and the second
domain, more than one of the plurality of domains.

6. (Currently Amended) The system wireless mobile communication device of
claim 5, wherein each of the more than one of the plurality of domains includes both the
first domain and the second domain include the super user software application.

7. (Currently Amended) The system wireless mobile communication device of 
claim 1, wherein the domain controller is further configured to receive information, and to 
place the information into at least one of the first domain and the second domain, a 

8. (Currently Amended) The system wireless mobile communication device of 
claim 1, wherein the at least one asset is first set of assets are selected from the group
consisting of: 

communication pipes, persistent data, properties, and software applications. 

9. (Currently Amended) The system wireless mobile communication device of
claim 1, further comprising a data store for storing properties, wherein the domain
controller is further configured to determine whether the operation is permitted by
properties in the data store, and to permit completion of the operation if the operation is
permitted by the properties in the data store; 

wherein completion of the operation is not permitted if the operation is not 
permitted by the properties in the data store. 

10. (Currently Amended) The system wireless mobile communication device of
claim 9, wherein each property is global, domain-specific, or specific to a particular 
software application on the wireless mobile communication device. 
11. (Currently Amended) A method for secure control of a wireless mobile
communication device, comprising:

segregating a plurality assets of the wireless mobile communication device into a
first set of assets in a first domain and into a second set of assets in a second domain,
wherein the first set of assets includes at least two plurality of domains, at least one
domain including a plurality of different types of assets of the wireless mobile
communication device, the different types of assets within a domain wherein the first set
of assets share a first level of trust to access, wherein the second set of assets share a
requiring a common second level of trust to access, and wherein the first level of trust is
different than the second level of trust;

receiving a request from a first entity to perform an operation affecting at least one
of the first set of assets;

determining, via a domain controller configured to control the plurality of domains
on the mobile device first domain and the second domain, whether the operation is
permitted by the first domain, wherein the operation is permitted by the first domain if the
first entity has a first trust relationship with the first domain and further wherein the first
entity is allowed to perform operations with respect to each of the first set of assets: that
includes the affected asset; and

allowing the operation to be completed only if the operation is permitted by the first

wherein completion of the operation is not allowed if the operation is not permitted
by the domain that includes the affected asset.

12-18. (Canceled) 
19. (Currently Amended) The method of claim [[18,]] 11, further comprising the
step of: 

determining whether the operation is permitted by a property stored at the wireless 
mobile communication device, 

wherein the step of allowing comprises the step of allowing the operation to be 
completed if the operation is permitted by both the first domain and the property; 

wherein the operation is not allowed to be completed if the operation is not 
permitted by both the first domain and the property, and 

wherein the step of determining whether the operation is permitted by the property
comprises properties stored at the wireless mobile communication device comprises the
step of checking a global properties property for the wireless mobile communication
device and a domain properties property for the first domain that includes the at least one
affected asset.

20. (Currently Amended) The method of claim 19, wherein the request originates
from a software application, and wherein the step of determining whether the operation is
permitted by properties stored at the wireless mobile communication device further
comprises the step of checking an application properties property for the software
application.
21. (Currently Amended) The system of claim 1, wherein one domain the first set
of assets includes at least two different assets selected from the group of assets
consisting of: communication pipes, persistent data, properties, and software applications. 

22. (New) The wireless mobile communications device of claim 1 wherein the domain 
controller is further configured to deny completion of the operation of the particular asset if 
the request originated from a second entity that does not have the first trust relationship 
with the first domain. 

23. (New) The wireless mobile communications device of claim 22 wherein the second 
entity has a second trust relationship with the second domain, and wherein the domain 
controller is further configured to permit the second entity to perform operations with 
respect to each of the second set of assets. 

24. (New) The method of claim 11 further comprising:

denying completion of the operation if the request originated from a second entity 
that does not have the first trust relationship with the first domain. 

25. (New) The method of claim 22 wherein the second entity has a second trust 
relationship with the second domain, and wherein the method further comprises: 

permitting the second entity to perform operations with respect to each of the 
second set of assets. 




26. (New) A computer readable medium storing program code which, when executed 
by a processor, performs a method for secure control of a wireless mobile communication 
device, the method comprising: 

segregating a plurality assets of the wireless mobile communication device into a 
first set of assets in a first domain and into a second set of assets in a second domain, 
wherein the first set of assets includes at least two different types of assets, wherein the 
first set of assets share a first level of trust to access, wherein the second set of assets 
share a second level of trust to access, and wherein the first level of trust is different than 
the second level of trust; 

receiving a request from a first entity to perform an operation affecting at least one 
of the first set of assets; 

determining, via a domain controller configured to control the first domain and the 
second domain, whether the operation is permitted by the first domain, wherein the 
operation is permitted by the first domain if the first entity has a first trust relationship with 
the first domain and further wherein the first entity is allowed to perform operations with 
respect to each of the first set of assets; and 

allowing the operation to be completed only if the operation is permitted by the first 
domain. 

27. (New) The computer readable medium of claim 26, wherein the method performed 
by the executed program code further comprises: 

denying completion of the operation if the request originated from a second entity 
that does not have the first trust relationship with the first domain. 
28. (New) The computer readable medium of claim 27 wherein the second entity has
a second trust relationship with the second domain, and wherein the method performed 
by the executed program code further comprises: 

permitting the second entity to perform operations with respect to each of the 
second set of assets. 